OpenShift Online implements a custom broker auth plugin in Rails to connect to our internal Red Hat authentication server (complex version of the mongo auth plugin).
It has been a long standing goal to make the console cookie session aware, use an auth token as a session key, and to separate the login/logout function out into a separate, pluggable set of pages. I started a branch a while back that took code from online and moved it up. The challenge is that it would make mod_auth integration change slightly and I was hesitant to inflict that on downstream consumers. I'll try to publish that branch so folks can see it.
In a future revision of OpenShift we are considering moving the broker api to be 100% auth token based, and only allowing custom authentication (excluding client certs which are carried with https automatically) on a single endpoint - the POST /authorizations hook. That would dramatically simplify the work to integrate for clients, but it's a somewhat large change. Note that if we did this we'd introduce a new API version (the long awaited v2 API). The console would then be forced to become auth token compatible and we'd have to split that out. As part of that, it might be time to add an general auth component to Openshift (supporting oauth2 and multiple logins per user).
Any other things folks want out of auth on Openshift?
On Jul 12, 2014, at 1:36 PM, Mateus Caruccio <mateus caruccio getupcloud com> wrote: